General

  • Target

    6b49d3e7706ac304e31948f50429a6d7

  • Size

    13.0MB

  • Sample

    240120-ydhmtsfdhl

  • MD5

    6b49d3e7706ac304e31948f50429a6d7

  • SHA1

    904e80ea7a968eb30bf59a13149646677658bbc4

  • SHA256

    b0c0d02c67d0b842ccec146c5f37f7fa5f4ab0431bbec2ec9e9a4d7aa90298c9

  • SHA512

    8444cd71d3e2dd764359d6b0fd44e06da41acd8cdc9dc68f9f3ed0090bd03b7850f0c6adc08e5c2436e3092803d9207bd5772b47c39c7663ff7ea02c3aa37a56

  • SSDEEP

    196608:yU7d9xZSt4U7d9xZStSU7d9xZSt4U7d9xZSt7:D7d9xZo7d9xZS7d9xZo7d9xZe

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
